BlueHost and HostMonstor Hacked By Syrian Electronic Army
\nThis time SEA hackers have targeted one of the leading web hosting company Endurance International Group INC. Hackers have hacked Endurance Group wings that includes Bluehost, Justhost, Hostgator and Hostmonster which are India’s leading web solution service provider.
\nApart from this, its seems that SEA hackers have also hacked twitter account of BlueHost. Hackers had made a tweet from the compromised account. Currently the tweet were deleted but you can see the below image of the tweet done by SEA hackers.
\nLink: http:\/\/www.cyberkendra.com\/2015\/03\/bluehost-and-hostmonstor-hacked-by.html <\/p>\n
10 practical security tips for DevOps
\nYou will hear the concept of \u2018Infrastructure as Code\u2019 within DevOps. This is where the platforms infrastructure is stored as a set of scripts that can be executed in a repeatable way. Security needs to be looked at in the same way, with moving to \u2018Security as Code\u2019 or \u2018Software Defined Security\u2019. By moving from a legacy procedure in a Word document to a set of scripts, we can automate that document which means that it can be executed in a repeated and predictable way – it can be included into the DevOps pipeline.
\nFor security professionals it is key to understand that instead of validating the end solution you need to validate the pipeline. If you are happy that the pipeline is building the solution in a way that meets you security goals you can be confident that this will be repeated every time a developer needs to get source code into production.
\nHere are 10 practical security tips for DevOps \u2026
\nLink: http:\/\/www.net-security.org\/article.php?id=2250 <\/p>\n
Interpol\u2019s Global Complex for Innovation identifies dangerous malware in cryptocurrency transactions
\nA bunch of researchers from INTERPOL cyber threat team have spotted a loophole in the blockchain for virtual transactions which can be easily exploited and merged with data that is not supposed to be on web. The blockchain has a fixed open space that can be exploited if tapped into the right area.
\nThough, the loophole has not yet been exploited by people that are not supposed to, it could become a possible means for cyber crime scenarios in the future such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.
\nLink: http:\/\/thetechportal.in\/2015\/03\/30\/interpols-global-complex-for-innovation-identifies-dangerous-malware-in-cryptocurrency-transactions\/ <\/p>\n
Financial Services: Investing in Data Security Risk Mitigation
\nIn the words of the late Peter Drucker, \u201cWhat gets measured gets managed\u201d. This also holds true in today\u2019s cyber threat landscape.
\nYour biggest challenge is a lack of visibility and awareness.
\nThere is no single security tool that will remove all potential points of weakness.
\nYou must be able to identify, manage, monitor and respond to any threats that may exist. Once a risk is quantified, a risk response tool will allow you to take action preemptively or even during the incident to minimize the potential of a data breach.
\nLink: http:\/\/www.techzone360.com\/topics\/techzone\/articles\/2015\/03\/30\/400614-financial-services-investing-data-security-risk-mitigation.htm <\/p>\n
Security crashes the boardroom party
\nGiven the recent spate of headline-grabbing data breaches, CIOs need to be prepared to answer a lot of board questions about risk.
\nIn a 2014 report titled “Risk and Responsibility in a Hyperconnected World” from the World Economic Forum and McKinsey & Co., the total economic cost of ineffective security was projected to top $3 trillion globally by 2020. That’s a staggering but unfortunately plausible number. So if there’s no question that cybersecurity breaches can devastate the bottom line, why haven’t more companies acted to deal with it more effectively?
\nIsn’t it time to upgrade cybersecurity to a board-level risk management discussion, not just occasionally but consistently?
\nLink: http:\/\/www.cio.com\/article\/2899082\/security0\/security-crashes-the-boardroom-party.html <\/p>\n
Russian banks combat Tyupkin ATM malware gang
\nThe Russian Ministry of Internal Affairs, together with the Federal Security Service, are taking steps to try and locate a criminal cyber-group specialising in robbing ATMs using the Tyupkin computer malware.
\nThe criminals work in two stages. First, they get physical access to the ATMs and insert a bootable CD to install the malware \u2013 code named Tyupkin by Kaspersky Lab which discovered the exploit last year. After they reboot the system, the infected ATM is under their control.
\nLink: http:\/\/www.scmagazineuk.com\/russian-banks-combat-tyupkin-atm-malware-gang\/article\/406061\/ <\/p>\n
Protecting Critical Infrastructure from Threats
\nAccording to research performed by Lloyd\u2019s of London insurer, Aegis London, \u201cin the first half of the 2013 fiscal year, the US Department of Homeland Security\u2019s Industrial Control Systems\u2013Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China\u201d. Efforts to improve the security of critical infrastructure systems like nuclear power plants and water treatment facilities have accelerated at a rapid rate since the issuance of US Executive Order 13636, \u201cImproving Critical Infrastructure Cybersecurity\u201d, on February 12, 2013.
\nWhen making decisions about security policies for a critical infrastructure facility, the costs of implementing a stricter policy need to be weighed against the potential costs that could result from the failure of a weaker policy. The solution for each organisation will vary based on the requirements necessary to meet their security and business objectives.
\nLink: http:\/\/www.pandct.com\/media\/shownews.asp?ID=43167 <\/p>\n
Eighth Annual “State of the Network” Global Study From JDSU’s Network Instruments Finds 85 Percent of Enterprise Network Teams Now Involved in Security Investigations
\nAs threats continue to escalate, one quarter of network operations professionals now spend more than 10 hours per week on security issues and are becoming increasingly accountable for securing data. This reflects an average uptick of 25 percent since 2013. Additionally, network teams’ security activities are diversifying. Teams are increasingly implementing preventative measures (65 percent), investigating attacks (58 percent) and validating security tool configurations (50 percent). When dealing with threats, half of respondents indicated that correlating security issues with network performance is their top challenge.
\nThe full results of the survey, available for download, also show that emerging network technologies have gained greater adoption over the past year.
\nLink: http:\/\/www.istockanalyst.com\/business\/news\/7249004\/eighth-annual-state-of-the-network-global-study-from-jdsu-s-network-instruments-finds-85-percent-of-enterprise-network-teams-now-involved-in-security-investigations<\/p>\n","protected":false},"excerpt":{"rendered":"
BlueHost and HostMonstor Hacked By Syrian Electronic Army This time SEA hackers have targeted one of the leading web hosting company Endurance International Group INC. Hackers have hacked Endurance Group wings that includes Bluehost, Justhost, Hostgator and Hostmonster which are India’s leading web solution service provider. Apart from this, its…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1008","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1008"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1008\/revisions"}],"predecessor-version":[{"id":3495,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1008\/revisions\/3495"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}